Assume that you apply Update Rollup 15 in a Microsoft Exchange Server 2007 environment that has Federal Information Processing Standard (FIPS) enabled. Then, you open a digitally signed message, or a Non-delivery report (NDR) message that contains a digital signature in Outlook Web Access. In this situation, you receive the following error message:
Exception Exception type: System.InvaIidOperationException Exception message: This implementation is not part of the Windows Platform FIPS validated algorithms.
This issue occurs because the HMACSHA256 algorithm that is used to decode digitally signed messages in Outlook Web Access is not FIPS compliant, and FIPS is enforced on a computer that runs Outlook Web Access.
Note HMACSHA256 is a kind of keyed hash algorithm that is constructed from the SHA-256 hash function and used as a Hash-based Message Authentication Code (HMAC).